Cartographer Web Challenge — HackTheBox
After successfully completing 2 web challenges, it’s time to move on to Cartographer.
This challenge is all about hacking into a C&C server.
On opening the IP/DOMAIN:PORT, we get a login panel for the portal. No common usernames and passwords work here; I tried admin:admin and other combinations, without brute-forcing the panel.
I always try to bypass login panels using SQL injection queries, and it worked fine here. I was logged into the panel.
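Why a login panel can fall to SQL injection, and the fix, as an added example that is not part of the original write-up or the challenge's code. The table, the account, the salt and the function names are assumptions, since the post does not show the server side.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # one app-wide salt keeps the demo short; use per-user salts in practice

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed in-memory table standing in for the panel's user store (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pwhash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("operator", kdf("constructed-pass")))
    return db

def login_vulnerable(db, username, password):
    # The username is pasted into the SQL text, so a quote in it can
    # rewrite the WHERE clause and the password check never applies.
    query = ("SELECT 1 FROM users WHERE username = '%s' AND pwhash = '%s'"
             % (username, kdf(password)))
    return db.execute(query).fetchone() is not None

def login_hardened(db, username, password):
    # The placeholder keeps the username as data; the hash is then compared
    # in application code in constant time.
    row = db.execute("SELECT pwhash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], kdf(password))

# Constructed sample input: closes the string literal and comments out the rest.
INJECTED_USERNAME = "' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", login_vulnerable), ("hardened", login_hardened)):
        print(name, "valid login:", fn(db, "operator", "constructed-pass"),
              "| injected username:", fn(db, INJECTED_USERNAME, "anything"))
```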
Notice the URL and the “info=” parameter. What are we looking for? The flag? Right! That’s all.
This challenge was way easier. The issue that arises here is that pentesters/hackers think way too far outside the box and keep trying combinations like “home, author, admin, blog, contact”, etc. It wastes a lot of time. This challenge was pretty simple, and you don’t have to think outside the box.
Thank you for reading!